FTC and MGM Resorts International legal saga deepen with new filing

The tit-for-tat between the Federal Trade Commission (FTC) and MGM Resorts International continues with renewed zeal, as the two parties have come clashing in legal filings and neither is prepared to let up. This said, the FTC has filed new legal documents in Nevada, seeking to gain information about the cyberattack incident and its ongoing investigation.

FTC and MGM Resorts International clash over handling of 2023 cyber incident

The issue has to do with a case originally filed by the FTC, seeking to obtain details about a cybersecurity attack that impacted guests at MGM Resorts Int. properties in September 2023. However, MGM has resisted such attempts, arguing that it’s not a financial institution and therefore it’s not within the FTC’s purview to elicit information from the company.

Most of what has followed since then has been a game of one-upmanship through legal filings, and attempts to secure a legal argument in court to obtain each party’s end goal. MGM said in April that was trying to have the FTC’s investigation into the company thrown out, as the regulator did not have any legal justification to intervene.

According to MGM, the FTC had taken an interest in the matter only because FTC Chair Lina Khan and a senior aide were staying at a property affected by the cyberattack.

One of the stipulated exchanges that took place was between Khan and an MGM employee who asked Khan to copy down her credit card number on a piece of paper and hand it over to the company for review.

Khan later sought to see how the incident had been handled but was informed that no details could be provided at that point. The investigation supposedly launched shortly after Khan had not been offered information.

What is changed in FTC’s new filing in Nevada?

The new filing by FTC seeks to address MGM’s argument that it is not within the commission’s purview to investigate it. In fact, the FTC argues that this reasoning is "meritless."

"MGM may argue… that it is not the type of entity subject to the Safeguards Rule and Red Flags Rule (respectively, a "financial institution" or "creditor") and therefore the CID is improper," the regulator said.

However, the FTC explains that MGM’s objection to the watchdog’s jurisdiction does not really impact the Civil Investigation Demand that the regulator launched, as the FTC is seeking information about "unfair or deceptive acts or practices violating Section 5 of the FTC Act" whereby MGM is a subject of in this instance.

It’s not yet clear if this argument will hold water in court, but so far it seems that FTC has coached it in a safer phrasing where the regulator is looking into unfair practices more so than financial operations, hence its legal prerequisite to investigate. A judge will have to decide.

This is not the last of the MGM v. FTC saga either.

Image credit: Flickr (@Mulaohu)